HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Application Integration
cancel
Showing results for 
Search instead for 
Did you mean: 

What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

 
SOLVED
Go to solution
vtonapi131
Occasional Advisor

What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

Our snapshots were failing and during the investigation, found that our user doesn't have the correct permissions in Vmware.

Message: Failed to create vCenter snapshot associated with volume collection XXXX1 schedule Nimble-Exchange-4am because the system is unable to log into the vCenter server due to an incorrect user name VMstorage or password. Verify the user name and password are correct.

Our Vmware admins will not allow Nimble to use an Administrator account due to concerns with security and general hesitation to allow anything/one admin access. What are the specific permissions required?

Thanks!

2 REPLIES
vtonapi131
Occasional Advisor

Re: What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

Support said they will be testing, documenting, and probably publishing the permissions in a week or so. I will update when it happens.

vtonapi131
Occasional Advisor
Solution

Re: What are the minimum permissions for creating snapshots through Vmware? "Administrator" rights are off the table.

This is what Support replied with:

Privileges for NPM (Volume Collection Backups)

“VirtualMachine.State.CreateSnapshot”,

“VirtualMachine.State.RemoveSnapshot”

If you try “Validate” on the vCenter Sync VolColl, it will check these permissions on all the VMs in the datastores of that VolColl.

Privileges for vCenter Plugin

"Datastore.AllocateSpace",

"Datastore.Config",

"Datastore.Delete",

"Datastore.Move",

"Datastore.Rename",

"Extension.Update",

"Global.CancelTask",

"Host.Config.AdvancedConfig",

"Host.Config.NetService",

"Host.Config.Settings",

"Host.Config.Storage",

"StoragePod.Config",

"System.Anonymous",

"System.Read",

"System.View",

"Task.Create",

"Task.Update"

Along with these, we also expect the privileges in the “NimbleStorage” group should be included in any custom role the user creates.

We tested it against Commvault Intellisnap requirements originally which failed. We removed all Nimble permissions, Verified Commvault Intellisnap permissions and it worked fine. The issue with OUR environment is that within Nimble protection configuration, we had to use <DOMAIN>/username for the user to integrate with Vmware. We may encounter issues in the future for not using all the permissions from Nimble vs. Commvault (there are differences) but at this rate, we have it working.